Hello, There's currently a ticket that suggests that the requirement for external validation be removed. Today, if example.com has an RUA that points at example.net, the latter must create a record as such:
example.com._report._dmarc.example.net TXT "v=DMARC1" The original thought was that a bad actor could overwhelm a target with unrequested reports. It seems in reality, most report generators only send once per day. Additionally, there appear to be some generators who ignore the absence of these records. https://tools.ietf.org/html/rfc7489#section-7.1 We'd like to have discussion wrapped up in about two weeks or so. Again, thank you for your participation. -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
